CentOS Advanced Network Configuration with Ansible

I had some odd errors with my multi-homed CentOS servers. I was finally able to fix them with the help of this blog post. Apparently basic multi-homed networking in CentOS is broken and you need to use the advanced configuration option. If you want to manually configure your servers then follow the steps in the blog post I linked to above. In this post I will describe how to automate this configuration with Ansible.

The Problem

Properly configure networking in CentOS 6.x using only Ansible variables. This configuration must work with any combination of physical NICs and VLANs.

The Solution

Create a separate Ansible role for networking called network. Define your networks in group_vars/all and host-specific network configurations in host_vars/host.example.com. See the role code on my GitHub repository.

The Details

The networking role will set all the network-related configuration files, including the advanced settings. The advanced settings add the following files:

/etc/iproute2/rt_tables

/etc/sysconfig/network-scripts/route-ethX

/etc/sysconfig/network-scripts/rule-ethX

These will configure a multi-homed server properly and also work fine for single-homed hosts.
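To show what those three files end up containing on a multi-homed host, here is an added Python example (not code from this post or its Ansible role) that renders them for two VLAN interfaces. The addresses, gateways, table ids and the render_policy_routing helper are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data: addresses, gateways and table ids are assumptions
# for illustration, not values from the post or its Ansible role.
NETWORKS = [
    {"name": "staging", "device": "eth0.12", "table_id": 12,
     "address": "10.0.12.10", "prefix": 24, "gateway": "10.0.12.1"},
    {"name": "production", "device": "eth0.13", "table_id": 13,
     "address": "10.0.13.10", "prefix": 24, "gateway": "10.0.13.1"},
]
# Stock entries of rt_tables; custom tables are listed after them.
RESERVED = "255 local\n254 main\n253 default\n0 unspec\n"
SCRIPTS = "/etc/sysconfig/network-scripts"

def render_policy_routing(networks):
    """Return {path: content} for the three advanced-configuration files."""
    files, seen_ids, rt_lines = {}, set(), []
    for net in networks:
        iface = ipaddress.ip_interface(f"{net['address']}/{net['prefix']}")
        gw = ipaddress.ip_address(net["gateway"])
        # A gateway outside the interface's subnet yields an unusable route.
        if gw not in iface.network:
            raise ValueError(f"{net['name']}: gateway {gw} not in {iface.network}")
        # Ids 0, 253, 254 and 255 are reserved; each table needs its own id.
        if not 1 <= net["table_id"] <= 252 or net["table_id"] in seen_ids:
            raise ValueError(f"{net['name']}: bad or duplicate table id")
        seen_ids.add(net["table_id"])
        rt_lines.append(f"{net['table_id']} {net['name']}")
        dev, table = net["device"], net["name"]
        # route-<dev>: each line becomes the arguments of `ip route add`.
        files[f"{SCRIPTS}/route-{dev}"] = (
            f"{iface.network} dev {dev} src {iface.ip} table {table}\n"
            f"default via {gw} dev {dev} table {table}\n")
        # rule-<dev>: each line becomes the arguments of `ip rule add`, so
        # traffic sourced from this address uses this interface's table.
        files[f"{SCRIPTS}/rule-{dev}"] = f"from {iface.ip}/32 table {table}\n"
    files["/etc/iproute2/rt_tables"] = RESERVED + "\n".join(rt_lines) + "\n"
    return files

if __name__ == "__main__":
    for path, content in render_policy_routing(NETWORKS).items():
        print(f"# {path}\n{content}")
```

Each interface gets its own routing table with its own default gateway, and the rule file makes replies leave through the interface whose address they were sent to.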

As you will be able to see from the Ansible source code files, this requires many variables and some complex logic. Some of the complexity is due to the way the Jinja2 templating engine handles variables. It isn’t possible to take a purely DRY approach.

If the defaults in ifcfg-eth.j2 work for you then all you have to do is describe your networks in group_vars/all and then add the host-specific variables.

Examples

Assume you have three networks: dev, staging, and production. In this case your all file would contain this:

This creates a dummy eth0 configuration and an eth0.12 and eth0.13 file. The “.” in front of the vlan_id must be there for the code to work. For untagged interfaces, simply change is_vlan to false and set the vlan_id to "". The latter is needed to work around Jinja2 idiosyncrasies, as is all the redundancy between all and the host files.